
Enhancing Data Availability of large Cloud Storage keys


Academic year: 2021


Deepika S

M. Tech., Computer Network Engg.,

BMS College of Engineering

Bangalore, India

[email protected]

Dr. M. Dakshayini

Professor (ISE)

BMS College of Engineering

Bangalore, India

[email protected]

Abstract

Cloud computing is the most popular concept in present-day technology. Storage-as-a-Service is one of the best features of cloud computing. Cloud users can store and access their data anywhere and at any time. Data is usually stored in encrypted form, and the security of the encryption keys is a major problem, because if the keys are compromised then the whole data is compromised. Along with security, availability also plays a very important role, so backing up the keys and using the backup to restore them is a usual and essential process.

In this paper we propose and implement a method to back up and restore a large number of keys in a JAR file by overcoming the limitation of the JAR file, which finally results in easy and transparent restoration.

1. Introduction

Defining the word cloud computing is a difficult task. Cloud computing generally involves a large number of computers connected through a communication network such as the Internet and sharing the available resources. According to the definition given by the US National Institute of Standards and Technology (NIST) [1]:

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Cloud computing users can access stored data, applications, platforms, and computing services anywhere and at any time in a secure way, and pay for exactly what they use. Cloud computing providers offer their services according to three fundamental models [4]: Infrastructure as a service (IaaS), platform

where IaaS is the most basic and each higher model abstracts from the details of the lower models.[7]

One among the three different service models of cloud computing is:

Infrastructure-as-a-service (IaaS), where the server’s computational and storage infrastructure [12] can be accessed by cloud users [2][10][14]. It is therefore very important to carry out communication and storage in a secure way, which is done using different encryption schemes. The keys used for encryption are very important, and securing them from third parties is also an important task in cloud computing. Making these keys available at all times, as soon as the user requests data, is of higher priority.

This paper is organized as follows: Section 2 explains the necessity of backup, Section 3 explains the problem, Section 4 proposes a solution to the problem, and Sections 5 and 6 give the implementation and result details.

2. Issues in cloud security

According to the research report KPMG's 2010 Cloud Computing Survey [5], security is the biggest obstacle to cloud adoption [9] (as shown in Figure 1), followed closely by legal, compliance, and privacy issues.


The three main issues related to the security of the cloud are [2][6]:

Confidentiality: The assurance that the data is protected from unauthorized access.

Integrity: The assurance that data is received exactly as sent by an authorized entity, without any modification.

Availability: The assurance that the data stored in the cloud will be available to the user in the requested format whenever he requests it, which is ensured by authentication, fault tolerance, backup and restore.

Figure 2: The CIA triad

Cryptography involves a security-related transformation [8] of the information to be sent or stored in an unsecured medium. Confidentiality is usually provided by encrypting the data, whether it is in a storage medium or in a transmission channel [13]. As a result many keys will be present, and they should be maintained in a secure way. If these keys are not secured, then the whole data can be compromised. These keys will be large in number, and backing them up is also very important to provide efficient availability.

3. Problem Statement

The usual approach is to back up the required data (in this case the keys) as a single entry in a JAR file, so that everything is in a single file in a secure way. Usually the backup JAR file consists of the keys, extracted from the database, as a single entry, together with keystore items and configuration items which help with proper restoration. The JAR content is shown in Figure 3 [3]:

MANIFEST.MF

KEYS

CONFIGURATION

PROPERTIES

OTHERS

Figure 3: JAR content

The JAR file has the following advantages:

• All related information, such as backup data and system state information (i.e. properties and configuration), is in a single file.

• The data in a JAR file is automatically compressed, so it occupies comparatively less space for either storage or transmission.

• The JAR file includes a manifest file which gives metadata about the data in the JAR, such as date of creation, size, format and many others, all of which can be used to determine whether any of the selected fields have been modified.

• The checksum of each entry in the JAR can be used to detect any modification.

But the limitation of JAR in Java 6 is that an entry size cannot be more than 4GB [11]. In the cloud the data is large, and in turn more keys will be used. As the keys will be large in number, the overall size of the keys may exceed 4GB.

4. Proposed Solution

To overcome this limitation of JAR, an entry which exceeds the threshold size is split into many parts of the desired size, and each part is made a separate entry in the JAR. The keys are encrypted and compressed, for better security and space utilization, while they are made into an entry, so care must be taken while splitting.

Parameters used in algorithm:

| Name | Description |
|---|---|
| backupDir | Directory which contains data which should be backed up |
| FILE_MAXSIZE_LIMIT | Maximum single file size allowed in JAR |
| SPLIT_FILE_MAXSIZE | Maximum size of split file |
| s | Split file |
| es | Encrypted split file |
| ces | Compressed encrypted |


Algorithm:

    for each item f in backupDir {
        if (size(f) > FILE_MAXSIZE_LIMIT) {
            split f into distinct files s of size SPLIT_FILE_MAXSIZE
            for each split file s {
                es = encrypt(s)
                ces = compress(es)
                add(ces) into JAR
                updateManifest(ces)    // make the necessary update in the manifest file
            }
        } else {
            ef = encrypt(f)
            cef = compress(ef)
            add(cef) into JAR
            updateManifest(cef)    // make the necessary update in the manifest file
        }
    }

The procedure followed during backup is:

a. Split: The entry which exceeds the FILE_MAXSIZE_LIMIT will be split into many of size SPLIT_FILE_MAXSIZE.

b. Encrypt: Each split part will be encrypted separately.

c. Compress: Each encrypted part is compressed separately.

d. Make JAR entry: Each separate part is added into the JAR.

e. Update Manifest entry: Corresponding details are entered into the manifest.

All these processes are transparent to the user. A user who opts for backup need not worry about any of this and selects the backup option in the usual way, as before.

The procedure followed during restore is:

a. Read Manifest entry: Each entry in manifest file is read separately.

b. Extract JAR entry: Corresponding JAR entry is extracted.

c. Decompress: The extracted content is decompressed.

d. Decrypt: Following the decompression, the decompressed content is decrypted.

e. Combine: The contents are combined in the same order.

Figure 4: During Backup and Restore

The combined content, which represents the whole backup data (the collection of keys) exactly as it was before splitting, is given as input to restore. Thus there is no need to change the restore part of the code, and it remains as before.

5. Implementation

The proposed system is implemented by modifying the existing backup code, only in the part that writes the JAR, where it follows the procedure below:

• While adding the data (the collection of keys) to the JAR, the size of the data is checked.

• If the size exceeds 4GB, the data is split into parts of the desired size before the entry is made in the JAR.

Split module:

• In the split module, to avoid excessive memory usage, data is continuously written into a temporary file until it reaches the desired size.

• When it reaches that size, the file is encrypted and compressed using any of the existing encryption schemes and compression techniques, for security and better space utilization.

• Then that temporary file is written into the JAR, that is, it is made an entry.

• Accordingly, the manifest file is updated with a filename chosen for our convenience, which makes the combining process during restoration easier, along with the JAR entry size, creation time and JAR entry format.

[Figure 4 labels. Backup: split, encrypt, compress, JAR entry, update manifest. Restore: read manifest, extract JAR, decompress, decrypt, combine.]


During restoration the procedure is as follows:

Combine module:

• The manifest file is read entry by entry, and if the name indicates that it is a split file then the corresponding entry is extracted from the JAR file.

• That entry is decompressed and then decrypted, using the algorithms corresponding to those used during the compression and encryption process.

• The result is written into a single file, looping over the manifest file for the other entries and following the same procedure.

• At last this ends up producing a single file which is the same as one that was not split during backup.

• Thus the restore code need not be changed, and the process finally results in successful restoration using the configuration and properties files.
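The backup and restore flow of Sections 4 and 5, as an added Python example that is not the authors' code. It assumes a single threshold (every input is cut into `SPLIT_FILE_MAXSIZE` parts), caller-supplied `encrypt`/`decrypt` callables standing in for the existing encryption scheme, and two manifest attributes chosen for this example: a per-part `SHA-256-Digest` and a hypothetical `Parts-MAC` keyed with `mac_key`, because the ZIP CRC-32 alone does not stop deliberate modification.

```python
import base64, hashlib, hmac, zipfile

SPLIT_FILE_MAXSIZE = 10                 # bytes here; the paper's experiment used 10 MB
MANIFEST = "META-INF/MANIFEST.MF"

def _digest(blob):
    return base64.b64encode(hashlib.sha256(blob).digest()).decode()

def _mac(key, text):
    return base64.b64encode(hmac.new(key, text.encode(), hashlib.sha256).digest()).decode()

def backup(jar_path, name, stream, mac_key, encrypt):
    """Split, encrypt and add each part as a deflated entry; return the part count."""
    sections, index = "", 0
    with zipfile.ZipFile(jar_path, "w", zipfile.ZIP_DEFLATED) as jar:
        while chunk := stream.read(SPLIT_FILE_MAXSIZE):   # one part in memory at a time
            part = f"{name}.part{index:05d}"
            blob = encrypt(chunk)
            jar.writestr(part, blob)
            sections += f"Name: {part}\nSHA-256-Digest: {_digest(blob)}\n\n"
            index += 1
        # Parts-MAC (hypothetical attribute) binds part names, digests and order.
        head = f"Manifest-Version: 1.0\nParts-MAC: {_mac(mac_key, sections)}\n\n"
        jar.writestr(MANIFEST, head + sections)
    return index

def restore(jar_path, out, mac_key, decrypt):
    """Verify manifest and parts, then write the combined plaintext to `out`."""
    count = 0
    with zipfile.ZipFile(jar_path) as jar:
        head, _, sections = jar.read(MANIFEST).decode().partition("\n\n")
        main = dict(line.split(": ", 1) for line in head.splitlines())
        if not hmac.compare_digest(main.get("Parts-MAC", ""), _mac(mac_key, sections)):
            raise ValueError("manifest MAC mismatch")
        for section in filter(None, sections.strip().split("\n\n")):
            attrs = dict(line.split(": ", 1) for line in section.splitlines())
            blob = jar.read(attrs["Name"])                # inflates the entry
            if not hmac.compare_digest(attrs["SHA-256-Digest"], _digest(blob)):
                raise ValueError("digest mismatch in " + attrs["Name"])
            out.write(decrypt(blob))
            count += 1
    return count
```

Since every part is encrypted before the JAR deflates it, expect little size reduction from the compression step; ciphertext is close to incompressible.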

6. Results

The experiment was carried out with a backupDir of size 33 MB, setting FILE_MAXSIZE_LIMIT to 10 MB and SPLIT_FILE_MAXSIZE also to 10 MB. Figure 5 shows a snapshot of the backup JAR file.

Figure 5: Snapshot of backup JAR

7. Conclusion

The proposed model allows the backup and restore of large files to succeed using the same traditional JAR file, by overcoming the size limitation. Using the same JAR file format allows easy portability, better utilization of storage and transmission space, and security in terms of checksum verification. It also needs no modification of the backup and restore code, as the only changes are made while writing to and extracting from the JAR.

8. References

[1] Joshi, J.B.D., Gail-Joon Ahn. Security and Privacy Challenges in Cloud Computing Environments. IEEE Security Privacy Magazine, Vol 8, IEEE Computer Society, 2010, p.24-31.

[2] Ashish Agarwal, Aparna Agarwal. The Security Risks Associated with Cloud Computing. International Journal of Computer Applications in Engineering Sciences [VOL I, SPECIAL ISSUE ON CNS, JULY 2011] [ISSN: 2231-4946].

[3] Karan Singh, Steven Hart, William C. Johnston, Lynda Kunz, Irene Penney “IBM Tivoli Key Lifecycle Manager for z/OS”

[4] R. Agarwal, H. Lucas, The information systems identity crisis: focusing on high-visibility and high-impact research, MIS Quarterly 29 (3) (2005) 381–398.

[5] http://www.kpmg.com/ES/es/ActualidadyNovedades/ArticulosyPublicaciones/Documents/2010-Cloud-Computing-Survey.pdf

[6] William Stallings, Cryptography and Network Security- Principles and Practices, 3rd Edition, Prentice Hall of India, 2003.

[7] Shyam Patidar, Dheeraj Rane and Pritesh Jain, "A Survey Paper on Cloud Computing," 2012 Second International Conference on Advanced Computing & Communication Technologies.

[8] http://en.wikipedia.org/wiki/Cryptography

[9] Joshi, J.B.D., Gail-Joon Ahn. Security and Privacy Challenges in Cloud Computing Environments. IEEE Security Privacy Magazine, Vol 8, IEEE Computer Society, 2010, p.24-31.

[10] Farzad Sabahi. Cloud Computing Security Threats and Responses. Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference.

[11] http://en.wikipedia.org/wiki/Zip_(file_format)

[12] Gurudatt Kulkarni, Ramesh Sutar and Jayant Gambhir, "Cloud Computing-Storage as Service," International Journal of Engineering Research and Applications (IJERA), ISSN: 2248-9622, Vol. 2, Issue 1, Jan-Feb 2012, pp.945-950.


[13] Cong Wang, Qian Wang, Kui Ren, Ning Cao, and Wenjing Lou, “Towards Secure and Dependable Storage Services in Cloud Computing,” IEEE, 2011.

[14] M. Venkatesh, M. R. Sumalatha, C. SelvaKumar. Improving Public Auditability, Data Possession in Data Storage Security for Cloud Computing. Recent Trends In Information Technology (ICRTIT), 2012 International Conference, April 2012.
